diff --git a/config.go b/config.go index 7fc6236..42f1dcf 100644 --- a/config.go +++ b/config.go @@ -7,13 +7,13 @@ import ( ) type conf struct { - HttpBindingAddress string - HttpsBindingAddress string + HttpBindingAddress string + HttpsBindingAddress string HttpsRedirectEnabled bool - TLSAutoDomain string - TLSCertFilepath string - TLSCertKeyFilepath string - VaultPrefix string + TLSAutoDomain string + TLSCertFilepath string + TLSCertKeyFilepath string + VaultPrefix string } const HttpBindingAddressVarenv = "SUPERSECRETMESSAGE_HTTP_BINDING_ADDRESS" diff --git a/main.go b/main.go index 06d1fbc..b07956e 100644 --- a/main.go +++ b/main.go @@ -4,9 +4,6 @@ import ( "crypto/tls" "net/http" - "crypto/tls" - "net/http" - "github.com/labstack/echo/v4" "github.com/labstack/echo/v4/middleware" "golang.org/x/crypto/acme" @@ -23,12 +20,9 @@ func main() { e.Pre(middleware.HTTPSRedirect()) } - //AutoTLS - autoTLSManager := autocert.Manager{ - Prompt: autocert.AcceptTOS, - // Cache certificates to avoid issues with rate limits (https://letsencrypt.org/docs/rate-limits) - Cache: autocert.DirCache("/var/www/.cache"), - HostPolicy: autocert.HostWhitelist(conf.Domain), + if conf.TLSAutoDomain != "" { + e.AutoTLSManager.HostPolicy = autocert.HostWhitelist(conf.TLSAutoDomain) + e.AutoTLSManager.Cache = autocert.DirCache("/var/www/.cache") } e.Use(middleware.Logger()) @@ -45,36 +39,33 @@ func main() { e.File("/getmsg", "static/getmsg.html") e.Static("/static", "static") - cfg := &tls.Config{ - MinVersion: tls.VersionTLS12, - CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256}, - PreferServerCipherSuites: true, - CipherSuites: []uint16{ - tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - tls.TLS_RSA_WITH_AES_256_GCM_SHA384, - tls.TLS_RSA_WITH_AES_256_CBC_SHA, - tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - }, - //Certificates: nil, // <-- s.ListenAndServeTLS will populate this field - GetCertificate: autoTLSManager.GetCertificate, - NextProtos: []string{acme.ALPNProto}, + if conf.HttpBindingAddress != "" { + if conf.HttpsBindingAddress != "" { + go func(c *echo.Echo) { + e.Logger.Fatal(e.Start(conf.HttpBindingAddress)) + }(e) + } else { + e.Logger.Fatal(e.Start(conf.HttpBindingAddress)) + } } + autoTLSManager := autocert.Manager{ + Prompt: autocert.AcceptTOS, + // Cache certificates to avoid issues with rate limits (https://letsencrypt.org/docs/rate-limits) + Cache: autocert.DirCache("/var/www/.cache"), + //HostPolicy: autocert.HostWhitelist(""), + } s := http.Server{ - Addr: ":443", - Handler: e, // set Echo as handler - TLSConfig: cfg, + Addr: ":443", + Handler: e, // set Echo as handler + TLSConfig: &tls.Config{ + //Certificates: nil, // <-- s.ListenAndServeTLS will populate this field + GetCertificate: autoTLSManager.GetCertificate, + NextProtos: []string{acme.ALPNProto}, + }, //ReadTimeout: 30 * time.Second, // use custom timeouts } - - go func(c *echo.Echo) { - e.Logger.Fatal(e.Start(":80")) - }(e) - if !conf.Local { - e.Logger.Fatal(s.ListenAndServeTLS("", "")) - } else { - e.Logger.Fatal(s.ListenAndServeTLS("cert.pem", "key.pem")) + if err := s.ListenAndServeTLS("", ""); err != http.ErrServerClosed { + e.Logger.Fatal(err) } } diff --git a/vault_test.go b/vault_test.go index 442b326..670a056 100644 --- a/vault_test.go +++ b/vault_test.go @@ -53,33 +53,10 @@ func TestMain(m *testing.M) { os.Exit(code) } -func TestStore(t *testing.T) { - v := newVault(c.Address(), c.Token()) - - var storeParams = []struct { - secret string - ttl string - }{ - // don't allow infinte ttl - {"my secret", "0h"}, - // don't allow more than a week ttl - {"my secret", "169h"}, - } - - for _, tt := range storeParams { - _, err := v.Store(tt.secret, tt.ttl) - - if err == nil { - t.Fatalf("expected error, got: nil") - } - } - -} - func TestStoreAndGet(t *testing.T) { - v := newVault(c.Address(), c.Token()) + v := newVault(c.Address(), "test/", c.Token()) secret := "my secret" - token, err := v.Store(secret, "24h") + token, err := v.Store(secret, "") if err != nil { t.Fatalf("no error expected, got %v", err) } @@ -95,9 +72,9 @@ func TestStoreAndGet(t *testing.T) { } func TestMsgCanOnlyBeAccessedOnce(t *testing.T) { - v := newVault(c.Address(), c.Token()) + v := newVault(c.Address(), "test/", c.Token()) secret := "my secret" - token, err := v.Store(secret, "24h") + token, err := v.Store(secret, "") if err != nil { t.Fatalf("no error expected, got %v", err) }